﻿<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<% Option Explicit %>
<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" />
<META NAME="copyright" CONTENT="Copyright 2009-2010 - Martechina Co.Ltd" />
<META NAME="Author" CONTENT="劢格机械(中国)  Www.Martechina.Com" />
<META NAME="Keywords" CONTENT="" />
<META NAME="Description" CONTENT="" />
<TITLE>编辑管理员</TITLE>
<link href="css.css" rel="stylesheet" type="text/css">
<script language="javascript" src="../inc/Admin.js"></script>
</HEAD>
<!--#include file="../inc/Const.asp" -->
<!--#include file="../inc/ConnSiteData.asp" -->
<!--#include file="../inc/Md5.asp"-->
<!--#include file="CheckAdmin.asp"-->
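<%
' Authorization gate for this page: the caller must hold permission token "|6,"
' (labelled "编辑管理员" in the permission checkboxes further down this file).
'
' A cookie-based variant of this check, reading
' request.cookies("Martech_com")("AdminPurview"), used to sit here commented out.
' It must stay disabled: a cookie is supplied by the browser, so a permission
' list read from it can be set to anything by the visitor.
'
' Session-based check. The value is coerced to a string with & "" so the test
' fails closed: Instr() returns Null when its first argument is Null, and
' "Null=0" is not True in VBScript, which would skip the deny branch below.
' NOTE(review): whether session("AdminPurview") can ever hold Null depends on
' the login code, which is not shown here - confirm.
if not (Instr(session("AdminPurview") & "","|6,")>0) then
  response.write ("<font color='red'>你不具有该管理模块的操作权限，请返回！</font>")
  response.end
end if
'======== end of permission check
%>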
<BODY>
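<% 
' Page-level request parameters. Both come from the query string and are later
' written into the form's action URL and (for ID) into SQL text, so they are
' normalised here before anything else uses them.
dim Result
Result=request.QueryString("Result")
' Only the two modes this page implements are accepted; anything else becomes
' an empty string so it can never be reflected into the generated HTML.
if Result<>"Add" and Result<>"Modify" then Result=""
dim ID,AdminName,Working,Password,vPassword,UserName,Purview,Explain,AddTime
dim AdminEditIDPattern
' ID must be a plain run of 1-9 decimal digits (always fits a Long). IsNumeric
' is deliberately not used: it also accepts forms such as "1e5" or "&H10".
ID=trim(request.QueryString("ID"))
set AdminEditIDPattern=new RegExp
AdminEditIDPattern.Pattern="^[0-9]{1,9}$"
if AdminEditIDPattern.Test(ID) then
  ID=CLng(ID)
else
  ID=0  ' missing or malformed ID: same default the page used for an empty ID
end if
set AdminEditIDPattern=nothing
call AdminEdit() 
%>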
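<table border="0" cellspacing="1" cellpadding="0" height="0" align="center" width="100%" >
  <tr>
  <td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
  <tr class=classtop>
    <td height="24" align="center" nowrap ><a href="AdminEdit.asp?Result=Add" onClick='changeAdminFlag("添加管理员")'>添加管理员</a><font color="#0000FF">&nbsp;|&nbsp;</font><a href="AdminList.asp" onClick='changeAdminFlag("网站管理员")'>查看所有管理员</a><font color="#0000FF">&nbsp;|&nbsp;</font><a href="DataManage.asp?Action=DataLog" onClick='changeAdminFlag("管理员登陆日志")'>查看管理员登陆日志</a></td>    
  </tr>
</table>
<br>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
  <%' Result and ID originate from the query string; they are URL-encoded before being placed in the action attribute so they cannot break out of it. %>
  <%' NOTE(review): this state-changing form carries no anti-CSRF token; a per-session token checked on SaveEdit would be needed to close that gap. %>
  <form name="editForm" method="post" action="AdminEdit.asp?Action=SaveEdit&Result=<%=Server.URLEncode(Result & "")%>&ID=<%=Server.URLEncode(ID & "")%>" onSubmit="return CheckAdminEdit()">
<tr>
 <td height="27" colspan="4" align="center" class="classtop"><strong>增加修改管理员</strong></td>
</tr>
      <tr class=classtd>
        <td  height="20" align="right">登&nbsp;录&nbsp;名：</td>
        <%' Stored value is HTML-encoded on output. maxlength matches the 3-10 character rule enforced by AdminEdit(). The readonly attribute is only a UI hint and is not a server-side control. %>
        <td ><input name="AdminName" type="text" class="textfield" id="AdminName" style="WIDTH: 120;" value="<%=Server.HTMLEncode(AdminName & "")%>" maxlength="10" <%if Result="Modify" then response.write ("readonly")%>>&nbsp;*&nbsp;3-10位字符，不可修改</td>
      </tr>
      <tr class=classtd>
        <td  height="20" align="right">生　　效：</td>
        <%' Ticked by default only when adding. When modifying, the box reflects the stored Working flag, so saving the form does not silently re-enable a disabled account. %>
        <td ><input name="Working" type="checkbox" style="HEIGHT: 13px;WIDTH: 13px;" value="1" <%if Result<>"Modify" or Working then response.write ("checked")%>></td>
      </tr>
      <tr class=classtd>
        <td  height="20" align="right">密　　码：</td>
        <%' maxlength matches the 6-16 character rule enforced by AdminEdit(). %>
        <td ><input name="Password" type="password" class="textfield" id="Password" maxlength="16" style="WIDTH: 120;">&nbsp;*&nbsp;6-16位字符，不填表未修改密码</td>
      </tr>
      <tr class=classtd>
        <td  height="20" align="right">确认密码：</td>
        <td ><input name="vPassword" type="password" class="textfield" id="vPassword" maxlength="16" style="WIDTH: 120;">&nbsp;*</td>
      </tr>
      <tr class=classtd>
        <td  height="20" align="right">管理员名：</td>
        <td ><input name="UserName" type="text" class="textfield" id="UserName" style="WIDTH: 120;" value="<%=Server.HTMLEncode(UserName & "")%>"></td>
      </tr>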
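      <%' Permission checkboxes. Each box submits its own token ("|N,"); AdminEdit() concatenates the submitted tokens into the AdminPurview column. %>
      <%' For ID 1 these rows are only hidden with display:none - the inputs are still part of the form and are still submitted, so hiding them is a UI convenience and not an access control. %>
      <tr class=classtd <%if ID=1 then response.write ("style=display:none")%>>
        <td  height="20" align="right">操作权限：</td>
        <td  nowrap>
		  <input name="Purview1" type="checkbox" value="|1," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|1,")>0 then response.write ("checked")%>>&nbsp;网站设置
          <input name="Purview2" type="checkbox" value="|2," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|2,")>0 then response.write ("checked")%>>&nbsp;模板设置
		  <input name="Purview3" type="checkbox" value="|3," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|3,")>0 then response.write ("checked")%>>&nbsp;网站导航
		  <input name="Purview4" type="checkbox" value="|4," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|4,")>0 then response.write ("checked")%>>&nbsp;编辑导航
          <input name="Purview5" type="checkbox" value="|5," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|5,")>0 then response.write ("checked")%>>&nbsp;管理员管理
		  <input name="Purview6" type="checkbox" value="|6," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|6,")>0 then response.write ("checked")%>>&nbsp;编辑管理员
		  <input name="Purview7" type="checkbox" value="|7," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|7,")>0 then response.write ("checked")%>>&nbsp;修改密码
          <input name="Purview8" type="checkbox" value="|8," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|8,")>0 then response.write ("checked")%>>&nbsp;SQL记录</td>
      </tr>
      <tr class=classtd <%if ID=1 then response.write ("style=display:none")%>>
        <td  height="20" align="right">&nbsp;</td>
        <td >
		  <input name="Purview9" type="checkbox" value="|9," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|9,")>0 then response.write ("checked")%>>&nbsp;自定义表单
		  <input name="Purview10" type="checkbox" value="|10," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|10,")>0 then response.write ("checked")%>>&nbsp;数据库管理
          <input name="Purview11" type="checkbox" value="|11," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|11,")>0 then response.write ("checked")%>>&nbsp;Flash广告列表
		  <input name="Purview12" type="checkbox" value="|12," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|12,")>0 then response.write ("checked")%>>&nbsp;编辑Flash广告
		  <input name="Purview13" type="checkbox" value="|13," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|13,")>0 then response.write ("checked")%>>&nbsp;Sitemap管理
           <%' NOTE(review): this box reuses name Purview22 / token "|22,", which is also used further down for "查看Sql注入". The two labels therefore grant the same token, and ticking both submits the field twice (classic ASP joins same-named fields with ", "). One of the two needs its own number; which one cannot be determined from this file. %>
           <input name="Purview22" type="checkbox" value="|22," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|22,")>0 then response.write ("checked")%>>&nbsp;文件上传</td>
      </tr>
      <tr class=classtd <%if ID=1 then response.write ("style=display:none")%>>
        <td  height="20" align="right">&nbsp;</td>
        <td >
		  <input name="Purview14" type="checkbox" value="|14," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|14,")>0 then response.write ("checked")%>>&nbsp;企业列表
		  <input name="Purview15" type="checkbox" value="|15," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|15,")>0 then response.write ("checked")%>>&nbsp;编辑企业
          <input name="Purview16" type="checkbox" value="|16," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|16,")>0 then response.write ("checked")%>>&nbsp;新闻类别
		  <input name="Purview17" type="checkbox" value="|17," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|17,")>0 then response.write ("checked")%>>&nbsp;新闻列表
		  <input name="Purview18" type="checkbox" value="|18," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|18,")>0 then response.write ("checked")%>>&nbsp;编辑新闻
		  <input name="Purview19" type="checkbox" value="|19," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|19,")>0 then response.write ("checked")%>>&nbsp;产品类别
		  <input name="Purview20" type="checkbox" value="|20," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|20,")>0 then response.write ("checked")%>>&nbsp;产品列表
          <input name="Purview21" type="checkbox" value="|21," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|21,")>0 then response.write ("checked")%>>&nbsp;编辑产品</td>
      </tr>
            <tr class=classtd <%if ID=1 then response.write ("style=display:none")%>>
        <td  height="20" align="right">&nbsp;</td>
        <td >
		  <%' Second use of Purview22 / "|22," - see the review note on the "文件上传" box above. %>
		  <input name="Purview22" type="checkbox" value="|22," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|22,")>0 then response.write ("checked")%>>&nbsp;查看Sql注入
		  <input name="Purview23" type="checkbox" value="|23," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|23,")>0 then response.write ("checked")%>>&nbsp;编辑友情连接
          <input name="Purview24" type="checkbox" value="|24," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|24,")>0 then response.write ("checked")%>>&nbsp;友情连接列表
		<input name="Purview25" type="checkbox" value="|25," style="HEIGHT: 13px;WIDTH: 13px;"
		  <%if Instr(Purview,"|25,")>0 then response.write ("checked")%>>&nbsp;QQ客服管理</td>
      </tr>
    
      <%' Shown instead of the checkboxes when the built-in account (ID 1) is being edited. %>
      <tr class=classtd <%if ID<>1 then response.write ("style=display:none")%>>
        <td  height="20" align="right">操作权限：</td>
        <td  nowrap><font color="#FF0000">内置超级管理员帐号，不可修改！</font></td>
      </tr>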
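      <tr class=classtd>
        <td  height="20" align="right" valign="top">备注说明：</td>
        <%' The stored remark is HTML-encoded on output; written raw, a value containing "</textarea>" would close the element and be parsed as markup in an administrator's browser. %>
        <td ><textarea name="Explain" cols="88" rows="3" class="textfield" id="Explain" style="WIDTH: 580;" ><%=Server.HTMLEncode(Explain & "")%></textarea></td>
      </tr>

      <tr class=classtd>
        <td  height="30" align="right">&nbsp;</td>
        <td  valign="bottom"><input name="submitSaveEdit" type="submit" class="button"  id="submitSaveEdit" value="保存" style="WIDTH: 60;" ></td>
      </tr>
  </form>
</table>
</td>
</tr>
</table>
</BODY>
</HTML>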
<%
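' Escapes a value for embedding inside a quoted JavaScript string literal that
' is itself written inside an HTML <script> element. Quotes and backslashes are
' escaped for the JS string; <, > and & are hex-escaped so the value can never
' terminate the surrounding <script> block.
function AdminEditJsString(byval text)
  dim s
  s=text & ""
  s=Replace(s,"\","\\")
  s=Replace(s,"'","\'")
  s=Replace(s,"""","\""")
  s=Replace(s,"<","\x3C")
  s=Replace(s,">","\x3E")
  s=Replace(s,"&","\x26")
  s=Replace(s,vbCr,"\r")
  s=Replace(s,vbLf,"\n")
  AdminEditJsString=s
end function

' Shows message in a JavaScript alert, sends the browser back one page and
' ends the response. Nothing after a call to this sub is executed.
sub AdminEditFail(byval message)
  response.write "<script language=javascript> alert('" & AdminEditJsString(message) & "');history.back(-1);</script>"
  response.end
end sub

' Returns raw as a Long when it consists of 1-9 decimal digits, otherwise 0.
' The result is the only form of the ID that is ever placed into SQL text.
function AdminEditParseID(byval raw)
  dim s,i
  AdminEditParseID=0
  s=trim(raw & "")
  if len(s)=0 or len(s)>9 then exit function
  for i=1 to len(s)
    if Instr("0123456789",Mid(s,i,1))=0 then exit function
  next
  AdminEditParseID=CLng(s)
end function

' Rebuilds the AdminPurview string from the submitted Purview1..Purview39
' fields. Only the presence of a non-empty field is trusted; the token itself
' ("|N,") is generated here, so a crafted field value cannot smuggle extra
' tokens into the stored permission list.
' NOTE(review): any administrator allowed to use this page can still grant
' every token, including ones they do not hold themselves.
function AdminEditPurviewFromForm()
  dim i,tokens
  tokens=""
  for i=1 to 39
    if trim(Request.Form("Purview" & i))<>"" then tokens=tokens & "|" & i & ","
  next
  AdminEditPurviewFromForm=tokens
end function

' Applies the password rules used by both Add and Modify: 6-16 characters after
' trimming, and the confirmation field must match.
sub AdminEditCheckPassword()
  if len(trim(Request.Form("Password")))<6 or len(trim(Request.Form("Password")))>16 then
    call AdminEditFail("管理员密码必填，且字符数为6-16位！")
  end if
  if Request.Form("Password")<>Request.Form("vPassword") then
    call AdminEditFail("两次输入的密码不一样！")
  end if
end sub

' Entry point of the page logic.
'   Action=SaveEdit : validates the posted form and inserts (Result=Add) or
'                     updates (Result=Modify) a row of Martech_Admin, then
'                     redirects to AdminList.asp.
'   otherwise       : for Result=Modify, loads the row identified by ID into
'                     the page-level variables the form below renders.
' Reads the page-level variables Result and ID and the connection object conn
' (defined in an include that is not shown here).
sub AdminEdit()
  dim Action,rsCheckAdd,rs,sql,cmd,safeID,newName
  Action=request.QueryString("Action")
  ' ID comes from the query string; only its validated numeric form is used below.
  safeID=AdminEditParseID(ID)

  if Action="SaveEdit" then 'save administrator data
    ' Writes are accepted over POST only, so a plain link or image URL cannot
    ' trigger them. NOTE(review): this is not a substitute for an anti-CSRF token.
    if UCase(Request.ServerVariables("REQUEST_METHOD") & "")<>"POST" then call AdminEditFail("参数错误！")
    ' Without this guard an unknown Result reached rs.update on a recordset
    ' that was never opened.
    if Result<>"Add" and Result<>"Modify" then call AdminEditFail("参数错误！")

    set rs = server.createobject("adodb.recordset")

    if Result="Add" then 'create an administrator
      ' All validation runs before any database object is opened.
      newName=trim(Request.Form("AdminName"))
      if len(newName)<3 or len(newName)>10 then
        call AdminEditFail("管理员登录名必填，且字符数为3-10位！")
      end if
      call AdminEditCheckPassword()

      ' Duplicate-name lookup with a bound parameter instead of string
      ' concatenation, so the submitted name is never parsed as SQL.
      ' conn is assumed to be an open ADODB.Connection, as the conn.execute
      ' call this replaces implies.
      set cmd = server.createobject("adodb.command")
      set cmd.ActiveConnection = conn
      cmd.CommandType = 1 'adCmdText
      cmd.CommandText = "select AdminName from Martech_Admin where AdminName=?"
      cmd.Parameters.Append cmd.CreateParameter("AdminName",202,1,len(newName),newName) '202=adVarWChar, 1=adParamInput
      set rsCheckAdd = cmd.execute
      if not (rsCheckAdd.bof and rsCheckAdd.eof) then 'login name already taken
        rsCheckAdd.close
        ' The name is escaped because it is echoed into a script block.
        response.write "<script language=javascript> alert('" & AdminEditJsString(newName) & "管理员已经存在，请换一个登录名再试试！');history.back(-1);</script>"
        response.end
      end if
      rsCheckAdd.close
      set rsCheckAdd=nothing
      set cmd=nothing

      sql="select * from Martech_Admin"
      rs.open sql,conn,1,3
      rs.addnew
      rs("AdminName")=newName
      if trim(Request.Form("Working"))="1" then
        rs("Working")=1
      else
        rs("Working")=0
      end if
      ' NOTE(review): Md5() (from the Md5.asp include) is kept because the login
      ' check elsewhere must agree with the stored format, but an unsalted fast
      ' hash is not adequate for password storage; plan a migration to a salted,
      ' slow password hash.
      rs("Password")=Md5(Request.Form("Password"))
      rs("UserName")=trim(Request.Form("UserName"))
      rs("AdminPurview")=AdminEditPurviewFromForm()
      rs("Explain")=trim(Request.Form("Explain"))
      rs("AddTime")=now()
    end if

    if Result="Modify" then 'modify an administrator
      ' An empty password field means "leave the password unchanged".
      if trim(Request.Form("Password"))<>"" then call AdminEditCheckPassword()

      sql="select * from Martech_Admin where ID=" & safeID
      rs.open sql,conn,1,3
      if rs.bof and rs.eof then 'no such administrator
        rs.close
        set rs=nothing
        call AdminEditFail("参数错误！")
      end if
      ' AdminName is intentionally not written here: the form marks it as not
      ' modifiable, and the readonly attribute alone does not stop a crafted
      ' request from renaming or blanking the login name.
      if trim(Request.Form("Working"))="1" then
        rs("Working")=1
      else
        rs("Working")=0
      end if
      if trim(Request.Form("Password"))<>"" then
        rs("Password")=Md5(Request.Form("Password")) 'see the Md5 note in the Add branch
      end if
      rs("UserName")=trim(Request.Form("UserName"))
      ' The form presents the built-in account (ID 1) as having fixed
      ' permissions but only hides the checkboxes; that rule is enforced here.
      if safeID<>1 then rs("AdminPurview")=AdminEditPurviewFromForm()
      rs("Explain")=trim(Request.Form("Explain"))
    end if

    rs.update
    rs.close
    set rs=nothing 
    response.write "<script language=javascript> alert('成功编辑网站管理员！');changeAdminFlag('网站管理员');location.replace('AdminList.asp');</script>"
  elseif Result="Modify" then 'load administrator data for the form
    set rs = server.createobject("adodb.recordset")
    sql="select * from Martech_Admin where ID=" & safeID
    rs.open sql,conn,1,1
    if rs.bof and rs.eof then 'no such administrator
      rs.close
      set rs=nothing
      call AdminEditFail("参数错误！")
    end if
    AdminName=rs("AdminName")
    Working=rs("Working")
    UserName=rs("UserName")
    Purview=rs("AdminPurview")
    Explain=rs("Explain")
    rs.close
    set rs=nothing 
  end if
end sub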
  
%>
